From e4566af5155e8e824ccf3ff7c482bf9fa418c608 Mon Sep 17 00:00:00 2001
From: Christophe Siraut <csiraut@entrouvert.com>
Date: Tue, 8 Sep 2020 14:07:53 +0200
Subject: [PATCH] journal/views: manage both nginx and haproxy vars in
 ssl_client_verify; raise exception on insert error

---
 logtracker/journal/journalstream.py |  6 +++++-
 logtracker/journal/views.py         | 25 +++++++++++++++----------
 tests/test_journalstream.py         |  4 ++--
 3 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/logtracker/journal/journalstream.py b/logtracker/journal/journalstream.py
index ad03c9f..7bf2cfb 100644
--- a/logtracker/journal/journalstream.py
+++ b/logtracker/journal/journalstream.py
@@ -10,7 +10,11 @@ field_multiline_pattern = re.compile(r'^([A-Z_][A-Z0-9_]+)\n([\w\W]*)$')
 def handle_journal_upload_stream(journal_stream, debug=False):
     tail = ''
     while True:
-        line = journal_stream.readline().decode('utf-8', errors='replace').rstrip('\n')
+        try:
+            rline = journal_stream.readline()
+        except AttributeError:
+            break
+        line = rline.decode('utf-8', errors='replace').rstrip('\n')
         if line.endswith('\r'):
             line = line.rstrip('\r')
             if not line:
diff --git a/logtracker/journal/views.py b/logtracker/journal/views.py
index 5fc2a4f..607c973 100644
--- a/logtracker/journal/views.py
+++ b/logtracker/journal/views.py
@@ -59,8 +59,16 @@ def ssl_client_verify(view):
     @wraps(view)
     def wrapper(request, *args, **kwargs):
         headers = request.META
-        if headers.get('X-SSL') == 1 and headers.get('X-SSL-Client-Verify') == 0:
-            request.host_verified = headers.get('X-SSL-Client-CN')
+        if headers.get('HTTP_X_SSL') == "1" and (
+            headers.get('HTTP_X_SSL_CLIENT_VERIFY') == "0"
+            or headers.get('HTTP_X_SSL_CLIENT_VERIFY') == "SUCCESS"
+        ):
+            cn = headers.get('HTTP_X_SSL_CLIENT_CN')
+            dn = headers.get('HTTP_X_SSL_CLIENT_DN')
+            if cn:
+                request.host_verified = cn
+            else:
+                request.host_verified = dn.split(',')[0].split('=')[1]
         else:
             if settings.DEBUG:
                 request.host_verified = 'test_host'
@@ -94,14 +102,11 @@ def UploadView(request, debug=False):
                 count += 1
                 if debug and count % 1000 == 0:
                     print(count, timestamp)
-            try:
-                Entry.objects.bulk_create(new_entries)
-                new_entries = []
-            except:
-                # todo: log errors or raise?
-                continue
+            Entry.objects.bulk_create(new_entries)
+            new_entries = []
         if debug:
-            elapsed = datetime.datetime.now() - start_timestamp
+            elapsed = datetime.datetime.now() - now
             print('elapsed: %s' % elapsed)
             print('count: %s' % count)
-    return HttpResponse('')
+        return HttpResponse('added %s' % count)
+    raise PermissionDenied
diff --git a/tests/test_journalstream.py b/tests/test_journalstream.py
index 1012675..1e1fd6a 100644
--- a/tests/test_journalstream.py
+++ b/tests/test_journalstream.py
@@ -94,13 +94,13 @@ _SOURCE_REALTIME_TIMESTAMP=1596449391625441
 
 
 def test_journal_stream_auth(client):
-    page = client.get('/upload')
+    page = client.post('/upload')
     assert page.status_code == 403
 
 
 @override_settings(DEBUG=True)
 def test_journal_stream_auth_debug(client):
-    page = client.get('/upload')
+    page = client.post('/upload')
     assert page.status_code == 200